Thanks for the suggestion lukeelmers, I was able to get it working following these instructions!
For the record, if anyone else is trying to do this, I set up an nginx server using the following configuration:
server {
listen 4443 ssl; # non-standard port to separate from apache traffic
server_name <your url>;
ssl_certificate <path to public key>;
ssl_certificate_key <path to private key>;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Authorization "Basic <Base64 encoded credentials>"; # base64-encoded username:password to pass in header
proxy_set_header X-Found-Cluster <instance-id>;
proxy_pass <kibana-endpoint-uri>:9243;
}
}
As tsullivan said in the other thread, the crednetials can be encoded using
echo -n username:password | base64
The one thing that was unclear in that thread was the X-Found-Cluster header which must be set for this to work with an Elastic Cloud instance. The instance ID you need is the alphanumeric code which appears as the subdomain in your kibana endpoint, e.g. https://<instance-id>.us-east-1.aws.found.io:9234.